Network Computing is part of the Informa Tech Division of Informa PLC

Cisco Discloses Critical IPS Vulnerability

Cisco yesterday announced yet another vulnerability, this time in the company's Intrusion Prevention System (IPS). The news comes on the same day that Cisco announced vulnerabilities in Cisco Unified CallManager (CUCM) 5.0 and the Cisco Router Web Setup (CRWS) application.

According to the Cisco Security Advisory, the vulnerability exists in the custom device driver used with the IPS's Intel-based gigabit network adapters. A malformed IP packet received on such an adapter may cause the IPS to stop processing packets, producing alerts, and performing automated actions such as logging, and to become inaccessible remotely or via the console.

The Advisory further notes that when deployed as an inline device, the IPS will also stop forwarding packets between interfaces and may cause a network outage. IPS devices configured to use the auto-bypass feature will also fail to forward packets. Attackers may use this vulnerability to disable an IPS device to hide malicious activity.

This vulnerability affects only certain IPS devices, and only when they are configured to use Intel-based gigabit network adapters as sensing interfaces, not as a management interface. A power reset is required to recover the IPS device. There are no workarounds; however, Cisco says it has made free software available to address these vulnerabilities for affected customers.

Some users downplayed the risks posed by these threats. "No one in their right mind would implement an IP-voice solution that was exposed directly to the Internet, or for that matter, even internal users," Ethan Simmons, a partner at Boston-based solution provider NetTeks, told CRN magazine.
